Skip to main content

NHSmail use by NHS Digital: GDPR information


Why and how we process your data within NHSmail, and your rights.

Controller NHS Digital
How we use the information (processing activities)

NHSmail is the chosen email service for NHS Digital. Account details are required to manage access to the system. NHS Digital sends and receives confidential information during the course of its activities.

Does this contain sensitive (special category) data such as health information? Yes
Who are recipients of this data?


Is data transferred outside the UK? Outside Europe - Account Details
How long the data is kept 180 days from account identified as inactive
Our lawful basis for holding this data Public task
Your rights
  • Tick Be informed
  • Tick Get access to it
  • Tick Rectify or change it
  • Cross Erase or remove it
  • Tick Restrict or stop processing it
  • Cross Move, copy or transfer it
  • Tick Object to it being processed or used
  • Tick Know if a decision was made by a computer rather than a person
How can you withdraw your consent?

Consent not the basis for processing

Is the data subject to decisions made solely by computers? (automated decision making) No
Where does this data come from? Within and external to NHS Digital
The legal basis for collecting this data

Public task and Health and Social Care Act (2012) – Schedule 18, part 10 (1)

Where NHS Digital uses this data



Sign in to your secure NHS email. NHSmail is a secure email service approved for sharing sensitive information.